JWT with EdDSA / Ed25519 signature
Edwards-curve based JSON Web Signatures (JWS) is a high performance algorithm for providing integrity, authenticity and non-repudation to JSON Web Tokens (JWT).
The Nimbus JOSE+JWT library supports the following EdDSA algorithms:
- EdDSA with Ed25519 curve.
- Ed25519 as fully specified algorithm.
The example uses the key ID (“kid”) parameter of the JWS header to indicate the signing key and simplify key roll-over. The exact method by which the recipient establishes the public EdDSA key candidate(s) to check the signature must be specified by the application’s security protocol.
The JWT includes a set of claims,
packaged in a JSON object. Note that the SignedJWT.verify
method only checks
the validity of the signature. The claims, which treatment is application
specific, must therefore be subsequently checked by your application code.
Example code:
import java.util.Date;
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.*;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.*;
import com.nimbusds.jwt.*;
// Generate a key pair with Ed25519 curve
OctetKeyPair jwk = new OctetKeyPairGenerator(Curve.Ed25519)
.keyID("123")
.generate();
OctetKeyPair publicJWK = jwk.toPublicJWK();
// Create the EdDSA signer
JWSSigner signer = new Ed25519Signer(jwk);
// Prepare JWT with claims set
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
.subject("alice")
.issuer("https://c2id.com")
.expirationTime(new Date(new Date().getTime() + 60 * 1000))
.build();
SignedJWT signedJWT = new SignedJWT(
new JWSHeader.Builder(JWSAlgorithm.EdDSA).keyID(jwk.getKeyID()).build(),
claimsSet);
// Compute the EC signature
signedJWT.sign(signer);
// Serialize the JWS to compact form
String s = signedJWT.serialize();
// On the consumer side, parse the JWS and verify its EdDSA signature
signedJWT = SignedJWT.parse(s);
JWSVerifier verifier = new Ed25519Verifier(publicJWK);
assertTrue(signedJWT.verify(verifier));
// Retrieve / verify the JWT claims according to the app requirements
assertEquals("alice", signedJWT.getJWTClaimsSet().getSubject());
assertEquals("https://c2id.com", signedJWT.getJWTClaimsSet().getIssuer());
assertTrue(new Date().before(signedJWT.getJWTClaimsSet().getExpirationTime()));
Support for EdDSA was introduced in Nimbus JOSE+JWT 6.0.
Support for the fully specified Ed25519 algorithm was introduced in Nimbus JOSE+JWT 9.38-rc5.
Note that for EdDSA you need to include the optional Tink dependency in your project. For Nimbus JOSE+JWT 9.38 that would be
<dependency>
<groupId>com.google.crypto.tink</groupId>
<artifactId>tink</artifactId>
<version>1.13.0</version>
</dependency>